This decade’s about to wrap up, so I decided to spend some time
describing my development workflow as the year nears its end.

What I find interesting in my setup is that it involves
working on a local k8s cluster — mainly to keep in touch
with the systems that run in production.

Running k8s locally isn’t what
you’d want to do to begin with, but rather a natural path
once you start wanting to replicate the environment that runs
your live applications. Again, you don’t need a local k8s
cluster just ‘cause, so make sure you have a good reason
before going through the rest of this article.

I’m pleased to announce (even though you might have already heard about this on my Twitter stream)
that the ebook on web application security I’ve been working on over the past year is now
officially available for sale, at the hopefully-reasonable price of $6.99 $9.99.

You can now buy the book at leanpub.com/wasec, while Kindle enthusiasts will
have to wait a few more days for it to become available there: it is currently available for pre-order
and should be generally available in the next few days.

WASEC is the culmination of over a year of thoughts regarding my experience with web application
security from the point of view of a software engineer, rather than that of a security researcher.
I believe software engineers might find it extremely interesting as it approaches defensive security
from the point of view of someone who has to build an app and needs to take security into consideration
among other things.

If you’ve enjoyed the content of this article, consider buying the complete ebook on either the Kindle store or Leanpub.

Oftentimes, we’re challenged with decisions that have a direct impact on the security of our applications, and the consequences of those decisions could potentially be disastrous. This article aims to present a few scenarios you might be faced with, and offer advice on how to handle each and every one of them.

This is by no means an exhaustive list of security considerations you will have to make in your day to day as a software engineer, but rather an inspiration to keep security at the centre of your attention by offering a few examples.

In the latest release of ABS, we introduced a package manager
that fetches an archive from GitHub and installs it locally:
like in many other command-line interfaces, we decided to
add a “loader” to accompany the process, something that looks
like this:

I want to take a moment to reflect on how we implemented
the simple spinner you see in the video, a process that derives
from typewriters and movies — let’s get to it!

Well, that’s me every other day: I love JS for
its flexibility and dynamism, but I also sometimes find
it painful to deal with, especially in some
specific programming contexts.

If you, like me, hoped to be able to write
something other than JavaScript in order to get
stuff done on the web, chances are you bumped
into WebAssembly (abbr. WASM),
and considered it your holy grail. WASM
is a portable binary format that’s been
implemented by all major browsers and
allows other languages to be compiled for the
web.

Why is that important? Well, that’s the key
to how I managed to run an ABS playground
(a code runner) in the browser.